Introduction to TTL on Installed Packages
The introduction of TTL on installed packages in Salesforce Marketing Cloud has significant implications for security and key management. To mitigate potential security risks, it is essential to handle client secrets securely and efficiently.
A common approach is to store API information in a Data Extension (DE), so that keys can be updated and rotated in one place. This keeps sensitive information from being hardcoded in multiple locations, reducing the risk of exposure.
Best Practices for Managing API Keys
Best practices for managing API keys in Salesforce Marketing Cloud include using a centralized storage solution, such as a DE, and avoiding hardcoding client secrets in CloudPages. Instead, use a lookup to retrieve the required information, so that the secret lives in one place rather than in page source.
Additionally, consider encrypting keys to add an extra layer of security. While this may seem like an additional complexity, it is a crucial step in protecting sensitive information.
The root cause of the challenge in managing TTL on installed packages is the lack of a centralized approach to storing and managing API keys. By using a DE to store keys and performing a lookup, teams can ensure that sensitive information is handled securely and efficiently.
Implementing a Centralized Approach
To implement a centralized approach to managing API keys, follow these steps:
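/* Schematic only: Marketing Cloud SQL (Query Activities) supports SELECT, not CREATE or INSERT. */
/* Create the DE in the UI or through the API, then add the rows. */

/* Create a DE to store API keys */
CREATE DE keys (
  id INT PRIMARY KEY,
  key VARCHAR(255)
);

/* Insert API keys into the DE */
INSERT INTO keys (id, key) VALUES (1, 'api_key_1');
INSERT INTO keys (id, key) VALUES (2, 'api_key_2');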
Once the DE is set up, use a lookup to retrieve the required API key in your CloudPages.
Heads up: Make sure to update the API keys in the DE when they expire or need to be rotated.
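The CloudPage side of this pattern, as an added AMPscript example that is not code from the original post: it reads the stored value from the `keys` DE sketched above, decrypts it with keys held in Key Management, and fails closed when the row is missing. The Key Management external keys `api_pwd`, `api_salt` and `api_iv`, and the assumption that the `key` column holds `EncryptSymmetric` output rather than plaintext, are hypothetical.

```ampscript
%%[
/* Added example. DE "keys" with columns id/key follows the page's sketch.   */
/* Assumption: the "key" column holds ciphertext written by EncryptSymmetric */
/* using Key Management entries with the hypothetical external keys below.   */

VAR @encSecret, @clientSecret, @ready
SET @ready = false

/* Avoid: SET @clientSecret = "literal-secret" pasted into every CloudPage.  */
/* Rotation would then mean editing each page instead of one DE row.         */

/* One central row per credential; rotating the secret updates this row only. */
SET @encSecret = Lookup("keys", "key", "id", 1)

IF NOT Empty(@encSecret) THEN
  /* Password, salt and IV are resolved from Key Management by external key, */
  /* so no key material appears in the page source (value arguments are      */
  /* left as @null).                                                         */
  SET @clientSecret = DecryptSymmetric(@encSecret, "aes", "api_pwd", @null, "api_salt", @null, "api_iv", @null)

  IF NOT Empty(@clientSecret) THEN
    SET @ready = true
  ENDIF
ENDIF

/* When @ready is true, use @clientSecret only in server-side calls made     */
/* from this block. Do not write it to the page with v() or Output(), and    */
/* do not copy it into client-side JavaScript or hidden form fields.         */
]%%

%%[ IF @ready != true THEN ]%%
<p>This page is temporarily unavailable.</p>
%%[ ENDIF ]%%
```

Restrict who can view or export the `keys` DE, since anyone with access to both the DE and the Key Management entries can recover the secret.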
Checklist for Managing TTL on Installed Packages
Best Practices Checklist
- Use a centralized storage solution, such as a DE, to store API keys
- Avoid hardcoding client secrets in CloudPages
- Use a lookup to retrieve API keys
- Consider encrypting keys for added security
- Regularly update and rotate API keys
- Use a secure method to store and manage API keys
Frequently Asked Questions
What is the best way to store API keys in Salesforce Marketing Cloud?
The best way to store API keys is to use a centralized storage solution, such as a DE.
How often should I update and rotate API keys?
API keys should be updated and rotated regularly, depending on the specific requirements of your organization.
What are the security risks of hardcoding client secrets in CloudPages?
Hardcoding client secrets in CloudPages poses a significant security risk, as sensitive information can be exposed if the CloudPage is compromised.
Can I use ContentBlocks as a global variable to store API keys?
While ContentBlocks can be used to store API keys, it is not the most secure or efficient method. Instead, use a centralized storage solution, such as a DE.